Total
254954 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1272 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. | |||||
CVE-2005-1775 | 1 Atari | 1 Terminator 3 War Of The Machines | 2024-02-04 | 5.0 MEDIUM | N/A |
Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a large nickname. | |||||
CVE-2005-3521 | 1 E107 | 1 E107 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | |||||
CVE-2006-1805 | 1 Powerscripts | 1 Powerclan | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter. | |||||
CVE-2005-0193 | 1 Isync | 1 Mrouter | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code. | |||||
CVE-2005-3148 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership. | |||||
CVE-2005-3969 | 1 Mxchange | 1 Mxchange | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2005-3408 | 1 Greg Neustaetter | 1 Gcards | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter. | |||||
CVE-2006-3442 | 1 Microsoft | 1 Windows Xp | 2024-02-04 | 7.6 HIGH | N/A |
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. | |||||
CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2024-02-04 | 5.0 MEDIUM | N/A |
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | |||||
CVE-2006-3566 | 1 Hivemail | 1 Hivemail | 2024-02-04 | 5.0 MEDIUM | N/A |
search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters. | |||||
CVE-2006-4351 | 1 Oneorzero | 1 Oneorzero | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2005-0469 | 1 Ncsa | 1 Telnet | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. | |||||
CVE-2005-0352 | 1 Woodstone | 1 Servers Alive | 2024-02-04 | 7.2 HIGH | N/A |
Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges. | |||||
CVE-2005-4621 | 1 Jelsoft | 1 Vbulletin | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. | |||||
CVE-2005-2180 | 1 Gnu | 1 Gnats | 2024-02-04 | 2.1 LOW | N/A |
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | |||||
CVE-2004-2572 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable. | |||||
CVE-2005-2142 | 1 Kmint21 Software | 1 Golden Ftp Server | 2024-02-04 | 2.1 LOW | N/A |
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command. | |||||
CVE-2006-1605 | 1 Exponent | 1 Exponent Cms | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | |||||
CVE-2005-1334 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1579. Reason: This candidate is a duplicate of CVE-2005-1579. Notes: All CVE users should reference CVE-2005-1579 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||